Michael Gracie 

Eric Winkelman says don’t eighty-six the tin foil hat just yet: One of the advantages of using encrypted email, is that your message won’t trip some piece of mindless data mining software. Remember, a few years ago, when the FBI was running around investigating an Elementary School Teacher because profiling software picked her as a [...]

Quick and dirty mcrypt usage I don’t know where I discovered the original idea, but in messing around with a PHP app I found the need to encrypt session cookies. Here’s how it was done, with the mcrypt library: //encrypt session cookie function encryptUserCookie($value) { if(!$value) { return false; } $key = SESSION_SALT; $text = [...]

Bruce Schneier, on learning that some health care works stored encrypted information on a USB memory device, along with the key to unlocking the encryption itself: It’s smart to encrypt USB memory devices, but it’s stupid to attach the encryption key to the device….I’m sure they were so proud that they chose a secure encryption [...]

Bruce Schneier recommends a good cleaning and PGP (or TrueCrypt). More on PGP here. I also use Cache Out X for clearing internet and system caches, as well as system logs.

Sadly, the headline is somewhat amiss. Researchers have actually figured out a way to steal data from hard disks which are encrypted in full by operating systems’ resident protection schemes. In other words, I don’t believe this method would work on file/container encryption with passphrases (which happens to be my personal preference).

After the Veterans Administration wrote the script for downplaying risk, when tens of millions of data records were stolen out of an employee’s home, the Bush Administration issued an edict – encrypt all data on government laptops. Good idea, but nobody’s listening. Wonder what the TSA’s “100,000″ number will grow to?

I wish I could say I am shocked and bewildered that the recent data theft out of the State of Ohio was more than 15 times worse than Ted Strickland & Co. made it out to be when the physical drive (?) was stolen out of an employee’s car, but alas I cannot. I wish [...]

The talk is directed at Bitlocker, the full disk encryption in Windows Vista, but it applies to all similar methodologies. It’s simple. Fools don’t have physically secure, unencrypted backups. Fools think everything should run like lightning, regardless of the strain on the system. And, of course, fools lose passwords. Doesn’t sound foolproof. Might I suggest [...]

Now that is saying something, since it is presently January 6th. No, I’m not the one saying it – some security researchers are, and those researchers are implying it could be the biggest bug of the whole year (but I think that is only because they know Acrobat Reader has a huge install base, and [...]

It is the last day of 2006. What better time for predictions… From the experts: The security threats that will bind us in 2007 If you are more inclined to make (or lose) money next year, here’s “the take” from the Washington Post Spamroll says: Spam will not end in late January (and Bill Gates [...]